Last week, the media went schizophrenic over the Windows Vista speech recognition ‘loophole’ which allowed anyone with a microphone to have full access over your computer. Granted, you must also be partially deaf, turn your speaker volume to full, carefully place your microphone next to the speakers, turn on speech recognition and train your speech profile as if you were someone else. It might sound incredibly challenging to get this exploit working properly, but the media assures us this exploit is a “fatal flaw”, so obviously Microsoft is to blame and Vista gets a big red “Fail” on security.

This week, two top Swedish security experts, to be named only as “Long” and “Zheng” to hide their identity from Microsoft, expose many more “fatal” security flaws inside the newborn operating system, Windows Vista. Here are the two most dangerous exploits you should be concerned about.

The first exploit is a bug inside the keyboard and mouse subsystem which enables the targeted system to be hijacked and maliciously delete files, folders, music, torrents and other important sounding stuff without the user’s authorization or control.

Details of how such an exploit works are sketchy, but leaked documents reveal the keyboard and mouse APIs offer an unprecedented amount of control over an operating system, allowing anyone and everyone to have full access to your computer with or without your authorization. This exploit allows anyone, ranging from younger siblings to gang leaders, to use brute force, such as a punch or tickle, to gain access to your keyboard and mouse cursors and perform malicious activities such as browsing The Inquirer or deleting vital fraudulent financial documents.

A second exploit highlights a serious flaw inside the popular Windows-platform development tool, Visual Studio. An undocumented feature inside this software is said to enable malicious users to compile and execute unsigned and potentially damaging source code. If users somehow come across malicious source code and decide to copy, paste, compile and execute it within Visual Studio, the resulting application could change wallpapers, block access to YouTube, increase the volume and cause other serious irreversible damage to the computer system.

Nobody knows exactly how or why Microsoft has designed Visual Studio to include such a dangerous and exploitable feature, but several self-proclaimed security experts have voiced their anger to Microsoft for such questionable actions. “Putting lives at risk like cars on the road” says one expert, “cheese sandwiches are really good, but this is horrible like a tomato sandwich” insists another – drawing a connection between operating systems and lunch snacks.

Whilst both exploits are said to affect the entire industry of operating systems, “Long” and “Zheng” insist that only Windows is affected due to its massive user-base and pretty wallpapers. Both security experts warn that if users do not switch to another operating system, Apple and the Free Software Foundation will be really upset.

Microsoft officials gave me a weird look and did not wish to comment at the time of writing.

Next week, keep an eye out for the exclusive report on why Solitaire is a fire hazard. How the end-game fireworks might burn down your operating system. Not to be missed by every innocent Solitaire player.

72 insightful thoughts

We are all very thankful the security experts responsibly disclosed this information. These exploits have the possibility to destroy any Windows Vista machine. I highly recommend that you delete all personal information right away before your identity is stolen. Then, take your computer and throw it out the window to protect your family. Immediately locate anti-bacterial hand wash to clean your hands of any exploit material that may have been on your keyboard and mouse.

What about Media Centre remotes? Now there’s a vulnerability if ever I saw one. Can you imagine working on a document when a Bad Guy™, with Media Centre remote, causes you to start watching Desperate Housewives? All of your valuable work gone with a single push of a button.

What about Xbox 360 controllers too? I could be in the next room and blast your Excel workbook to shreds!

I thought this was serious… for a second. But this is actually very funny…

I would like to see something done about the potential Voice Activation problem though, even if only to shut up the crazies. Maybe voice recognition could compare what’s coming out of the speakers to what’s being recorded by the microphone… of course that should be an option so that headphone users and people with brains don’t get slowed down.

Has no-one heard of the biggest security hole of them all? The Non-Techie™, why do you think there are so many insecure Windows PCs in the first place? Too many Non-Techies™ keep using underhand tactics (PC World) to acquire one and using their special abilities (lack of knowledge) they systematically destroy the machine and spread themselves to other Non-Techies™.

Long, I have discovered another security exploit: The display system in Windows Vista allows anyone within the viewing angle of the PC to see the activities of the user. Rather than being a truly secure operating system, Vista allows a malicious intruder to peek over a user’s shoulder and see the contents of the PC, and a simple look downwards will reveal the user’s passwords and credit card numbers.

This is the type of security exploits Microsoft has been perpetrating for years, and we cannot stand for them any longer! I have a solution: Computing with the monitor turned off. The computer will still function as normal, but hackers will not be able to visually intrude on our systems.

Please, Long, spread the word about this exploit, so Microsoft will be forced to fix it!

As a developer who spends most of the day working in Visual Studio, I must point out an inaccuracy in your article.

First of all, there is no such thing as a signed or unsigned source code. Only executable files (.exe and .dll) can be signed.

Second, anyone foolish enough to compile and run unknown code that they have not closely examined deserves anything that happens. Having said that, there are hundreds of websites catering to developers from which I regularly download source code. But I’m careful to check it first.

Third, *every* computer that has .NET Framework installed (including all of those running Windows Vista) has command-line versions of C# and VB.NET compilers installed. So Visual Studio is not required to compile and execute source code.

Last, there may well be some security flaw in Visual Studio. I’m going to check that out. But there are some flaws in your description that need to be corrected.

Bullshit. Windows Vista speech recognition ‘loophole’. This isn’t a fuckin loophole. If you have your mic near your speaker of course your mic will pick up the sound dumbasses.

And your other bugs and exploits have no grounding! I can easily say there is an exploit in Mac that if you leave a chess widget on your desktop, the rook begins to harvest your personal information. HOW I know, I don’t need to fuckin say. I will just say I will protect my name in case Steve Jobs gets pissed off and decides to do a hit on me, I will call myself dr.dildo. Because you dumbasses think Microsoft will come after you for finding an exploit? Are you retards?

“The first exploit is a bug inside the keyboard and mouse subsystem which enables the targeted system to be hijacked and maliciously delete files, folders, music, torrents and other important sounding stuff without the user’s authorization or control.”

Ok, subsystem? What subsystem dick? You talking about drivers? OKAY, which mouse, which keyboards were involved that contained a bug in their drivers? If I go to Best Buy I can see more than 200+ keyboards and mouses. Each have a different driver.

Frank, you need to realize satire when you see it. Maybe you’re just too new to the concept. The keyboard and mouse subsystem handles user input. The input, initiated by a user’s fingers, is the malicious culprit. A child could come to the keyboard and delete stuff using only your mouse and keyboard, and Vista wouldn’t know the difference. Oddly enough, this exploit seems to have carried over to the Mac as well.

I *don’t* blame Frank for his anger (the words are a bit too strong). Very few people read the whole post. And in as much as funny and well presented Long’s satire is, it can prove damaging. Not every reader of Long’s is tech savvy. Especially if there are people who think of internet as pipes and tubes :D. But nonetheless it was funny

Hangman don’t forget to disconnect your webcam too, another security hole has been discovered in the way Windows Vista handles web video calls. If you accidentally forget to close the Messenger window after you finish your video call a malicious user could see you naked running around your room! Vista will not close the video window automatically after a minutes of inactivity as it should, I just can’t believe Microsoft allows these loopholes to continue to plague its OSes!

I am a developer of the Windows Vista operating system, I was reading about the famous exploits that Vista has!!

ha! ha ha!

It is incredible how people are trying to get attention.
I’m not saying that Vista is perfect, but we did a very good job and we are proud of it. And whatever people say, there is no exploit until they prove them!!

Looking ahead to the upcoming article about the Solitaire fire hazard I have to proudly say that I am way ahead of you. I have been using a third party Solitaire game and my computer hardly ever catches on fire.

As for the MCE remote exploit, yes it works! I used a learning remote to copy an MCE remote, and then opened a mate’s porn collection from outside while his girlfriend was watching the OC. The secret was getting a strong enough IR sender.
Fortunately she liked it, so I didn’t need to find a new mate. 🙂

P.S. So why does MCE Vista crash so much? Must be 15 times an hour at least.

I wouldn’t be surprised if another boo boo appears next month 🙂 While I’m sure Microsoft has already tested Vista for possible errors, the best crash dummies are still the consumers. Anyway, if you don’t want to end up being the topic author of another Vista blunder, make sure that you have the right drivers. I’m getting mine at http://www.radarsync.com/vista. Good luck to all of us Vista users.

Found another exploit: a malicious hacker ring calling themselves Home Depot sells hardware called Sledgehammer that, when installed into a PC, will render it completely useless…
Btw, deleted Solitaire after my fingers were burnt on the stove, I think Solitaire was responsible…

I am taking a painful Vista Security class and stumbled on this site.. I haven’t laughed so hard in days! I am going to make you a favorite and visit often… 😉 Ugh! The comments! I about peed myself when I read Frank’s from above!

@ none –
I note that fanboy post (re: Debian) was made during the time frame Debian was creating those easily hacked/faked certs, and it was left for all here to see. Divisiveness only serves the hackers, so if you are looking forward to ID theft happening to you, I’d say you are doing a bang-up job – WTG!

Well, funny, yes, and, ok, many holes reported on many software products are quite a bluff, but be careful, there are some flaws that are actually there, and maybe you don’t know how they can be exploited, but someone smarter than you actually can. It has happened before, and it will still happen in the future.